Solutions - Security Solution

Security Solution

The usage of Internet has become an essential part in deployment of an Information System:

Send and receive email

Document sharing

Company web site

Different forms of e-commerce

However, each of the above services represents an opportunity for hackers to take advantage of. Today's business has become more dependant on computer networks. Any intrusion to the company's Information System may result in havocs and the business losses may be phenomenal.

Along with the diversification and emergence of new Internet services, potential secure holes are introduced to an Internet-attached system. Therefore the security policy of the Information System is to be constantly reviewed and revised. The deployment of a secure audit and consultancy process is to pinpoint the vulnerability of the Information System and recommend the corresponding precautions.

Our secure audit and consultancy service consists of the following processes:

Penetration test

Penetration test is the process of emulating determined hackers when assessing the security or target hosts and networks. It includes an "exploit phase" with which the testing team can assess the real-world impact of a hacker by attempting to circumvent security measures in place.

A penetration test shall be conducted as the first task for an organization to assess the information security risk. The report shall give the client a clear idea of the real-world situation they are facing by identifying the existing vulnerabilities of their network. After then, the corresponding Information Security strategy can be formulated and deployed.

Security audit

The security audit consists of the following phases:

Review of the security policies and procedures: to define the security expectation of the company and identify potential security gaps in the daily operation practice.

Risk assessment: to identify what the risks are, the acceptance level and the associated impact. Different services have varying risk tolerance in general.

System infrastructure assessment: to review the system modules on potential security holes. This includes server software, user software and network components.

Security recommendation: to recommend resolution to respond to the results of the above audit items and the penetration tests.

Business continuity: to base on the assessment of the crisis impact to define disaster recovery plans and contingency plans.